chore(deps): bump the go-dependencies group across 1 directory with 29 updates by dependabot[bot] · Pull Request #3204 · flanksource/mission-control

dependabot · 2026-06-09T05:52:53Z

Bumps the go-dependencies group with 22 updates in the / directory:

Package	From	To
github.com/jackc/pgx/v5	`5.9.2`	`5.10.0`
github.com/onsi/ginkgo/v2	`2.28.3`	`2.29.0`
github.com/onsi/gomega	`1.40.0`	`1.41.0`
github.com/ory/client-go	`1.22.39`	`1.22.48`
github.com/aws/aws-sdk-go-v2	`1.41.7`	`1.42.0`
github.com/aws/aws-sdk-go-v2/config	`1.32.17`	`1.32.24`
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs	`1.73.0`	`1.75.2`
github.com/flanksource/clicky	`1.21.9`	`1.21.15`
github.com/fluxcd/pkg/gittestserver	`0.28.0`	`0.29.0`
github.com/mark3labs/mcp-go	`0.53.0`	`0.54.1`
github.com/prometheus/common	`0.67.5`	`0.68.1`
github.com/redis/go-redis/v9	`9.19.0`	`9.20.0`
github.com/samber/oops	`1.21.0`	`1.22.0`
github.com/slack-go/slack	`0.23.1`	`0.25.0`
go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho	`0.68.0`	`0.69.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace	`1.43.0`	`1.44.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	`1.43.0`	`1.44.0`
golang.org/x/sync	`0.20.0`	`0.21.0`
google.golang.org/genai	`1.56.0`	`1.59.0`
github.com/Azure/azure-sdk-for-go/sdk/azcore	`1.21.1`	`1.22.0`
golang.org/x/text	`0.37.0`	`0.38.0`
google.golang.org/api	`0.279.0`	`0.283.0`

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)

Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)

Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)

Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)

pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)

Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)

Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)

Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)

Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)

Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)

Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

Fix scanning "char" (OID 18) into *string in binary format (luongs3)

Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)

Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)

Fix data race when context is cancelled during connect

Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)

pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)

pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)

pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check

Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

7293fb1 Update changelog for v5.10.0
1ade285 pgconn: document secure connection configuration
b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
b28e65b pgtype: bound array element count against remaining message bytes
cd1f389 pgtype: bound array binary decode element length against remaining bytes
ff27b5b pgtype: bound hstore binary decode against malicious server input
a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
44f6173 pgconn: cap server-supplied SCRAM iteration count
1a976f7 pgconn: add require_auth to restrict accepted server auth methods
Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.28.3 to 2.29.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.29.0

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

Commits

04b5bcb v2.29.0
124232a docs: GinkgoHelperGo
ad9cee8 feat: GinkgoHelperGo, with integration tests
9e56a0a chore: refactor devcontainer for better maintenance
3d235a9 chore: ignore internal/tmp_*/ integration suite temporary dirs
782666a feat: devcontainer configuration with local pkgsite and GH pages
009dd04 Support DescribeTableSubtree in ginkgo outline
See full diff in compare view

Updates github.com/onsi/gomega from 1.40.0 to 1.41.0

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

Commits

af2bccb v1.41.0
73e81f6 v1.41.0 (full)
e35a84f feat: devcontainer configuration with local pkgsite and GH pages
f12e5e1 fix(format): detect pointer cycles to avoid runaway formatting output
e14831f Add optionalDescription docs to AsyncAssertion and Assertion interfaces
344b94d Add BeASlice and BeAnArray matchers
See full diff in compare view

Updates github.com/ory/client-go from 1.22.39 to 1.22.48

Commits

5659b6e autogen: regenerate OpenAPI client for v1.22.48
3d4b2a1 autogen: regenerate OpenAPI client for v1.22.47
2ed3e67 autogen: regenerate OpenAPI client for v1.22.46
a57cb13 autogen: regenerate OpenAPI client for v1.22.45
e19ccc9 autogen: regenerate OpenAPI client for v1.22.44
c04e7cd autogen: regenerate OpenAPI client for v1.22.43
602d9e1 autogen: regenerate OpenAPI client for v1.22.42
18f7e5c autogen: regenerate OpenAPI client for v1.22.41
3b911eb chore: update repository templates to ory/meta@1140...
6848c73 autogen: regenerate OpenAPI client for v1.22.40
See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.7 to 1.42.0

Commits

9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
e736f55 Add preview of changes for standard retry mode behind flag (#3400)
ba08dc9 Release 2026-06-05.2
9a67e21 Revert schema serde (#3442)
51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
f696d5b Release 2026-06-05
7efb8fd Regenerated Clients
1a420c5 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.24

Commits

9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
e736f55 Add preview of changes for standard retry mode behind flag (#3400)
ba08dc9 Release 2026-06-05.2
9a67e21 Revert schema serde (#3442)
51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
f696d5b Release 2026-06-05
7efb8fd Regenerated Clients
1a420c5 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.23

Commits

9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
e736f55 Add preview of changes for standard retry mode behind flag (#3400)
ba08dc9 Release 2026-06-05.2
9a67e21 Revert schema serde (#3442)
51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
f696d5b Release 2026-06-05
7efb8fd Regenerated Clients
1a420c5 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.73.0 to 1.75.2

Commits

e2e9697 Release 2025-01-31
6576a09 Regenerated Clients
f762573 Update API model
c94df29 add transfer manager doc header (#2990)
880543c revert the revert on the transfer manager beta (#2993)
8da49e5 switch to code-generated waiters for remaining services (#2994)
c7c6865 Release 2025-01-30
70f736c Regenerated Clients
28731c2 Update endpoints model
3505e4b Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.42.1 to 1.43.3

Commits

fa369bd Release 2026-06-03
960ee4d Regenerated Clients
4b6df8b Update endpoints model
30b15dd Update API model
e8c72af enable schema-serde (#3421)
b4d02c5 Release 2026-06-02
48e375b Regenerated Clients
b8a4fc1 Update API model
e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
4e258a3 chore: update changelog description per review
Additional commits viewable in compare view

Updates github.com/flanksource/clicky from 1.21.9 to 1.21.15

Release notes

Sourced from github.com/flanksource/clicky's releases.

v1.21.15

1.21.15 (2026-06-07)

⚠ BREAKING CHANGES

entity: runEntityOp now extracts paged results via PageRows() interface method before formatting, changing how paged responses are serialized in RPC responses.

✨ Features

entity: add pagination support for entity list operations (6903915)

rpc,entity: add context-aware filter lookup support for request-scoped state (442a560)

🐛 Bug Fixes

entity,rpc: address PR review comments and lint e2e go.sum failures (28bd967)

📦 Build System

makefile: add go mod tidy to fmt target for all modules (eb82367)

v1.21.14

1.21.14 (2026-06-03)

⚠ BREAKING CHANGES

entity,command,rpc: None - all changes are additive with backward compatibility maintained through fallback to non-context variants.

task: RunFilter.matches() renamed to RunFilter.Matches(); runMetaFromSnapshot() renamed to RunMetaFromSnapshot()

api,openapi,lint: annotateEntityOperationCommand now requires an additional optionalID boolean parameter.

♻️ Code Refactoring

timeseries: replace oipa references with generic app prefix (d0cb68e)

✨ Features

api,openapi,lint: Add optional ID support for entity actions and expand formatting helpers (706ab62)

entity,command,rpc: add context-aware data functions for request-scoped state (394a69c)

lint: add render builder validation and helper-backed type detection (dd00e26)

metrics: add timeseries metrics store with in-memory and valkey backends (786c3a5)

task: Add OnBeforeGC hook and RunsRaw for GC lifecycle control (4505a9f)

task: Add task registry with run listing, filtering, and drill-down APIs (3045cfc)

🐛 Bug Fixes

... (truncated)

Changelog

Sourced from github.com/flanksource/clicky's changelog.

1.21.15 (2026-06-07)

⚠ BREAKING CHANGES

entity: runEntityOp now extracts paged results via PageRows() interface method before formatting, changing how paged responses are serialized in RPC responses.

✨ Features

entity: add pagination support for entity list operations (6903915)

rpc,entity: add context-aware filter lookup support for request-scoped state (442a560)

🐛 Bug Fixes

entity,rpc: address PR review comments and lint e2e go.sum failures (28bd967)

📦 Build System

makefile: add go mod tidy to fmt target for all modules (eb82367)

1.21.14 (2026-06-03)

⚠ BREAKING CHANGES

entity,command,rpc: None - all changes are additive with backward compatibility maintained through fallback to non-context variants.

task: RunFilter.matches() renamed to RunFilter.Matches(); runMetaFromSnapshot() renamed to RunMetaFromSnapshot()

api,openapi,lint: annotateEntityOperationCommand now requires an additional optionalID boolean parameter.

♻️ Code Refactoring

timeseries: replace oipa references with generic app prefix (d0cb68e)

✨ Features

api,openapi,lint: Add optional ID support for entity actions and expand formatting helpers (706ab62)

entity,command,rpc: add context-aware data functions for request-scoped state (394a69c)

lint: add render builder validation and helper-backed type detection (dd00e26)

metrics: add timeseries metrics store with in-memory and valkey backends (786c3a5)

task: Add OnBeforeGC hook and RunsRaw for GC lifecycle control (4505a9f)

task: Add task registry with run listing, filtering, and drill-down APIs (3045cfc)

🐛 Bug Fixes

examples: tag standalone demos with //go:build ignore (11bbd07)

rpc: serve ExecutionResponse envelope for structured wire formats (f01a56a)

... (truncated)

Commits

cece0c9 chore(release): 1.21.15 [skip ci]
28bd967 fix(entity,rpc): address PR review comments and lint e2e go.sum failures
eb82367 build(makefile): add go mod tidy to fmt target for all modules
6903915 feat(entity): add pagination support for entity list operations
442a560 feat(rpc,entity): add context-aware filter lookup support for request-scoped ...
1dd7af6 chore(release): 1.21.14 [skip ci]
394a69c feat(entity,command,rpc): add context-aware data functions for request-scoped...
d058287 fix(task): WaitFor returns result after in-closure terminal SetStatus
c4eee78 build(webapp): Add placeholder index.html for go:embed resolution in CI
5e91e2f chore(examples): tidy go.mod after tagging demos as build-ignore
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/gittestserver from 0.28.0 to 0.29.0

Commits

3ba849f Merge pull request #919 from fluxcd/auth-valid-registry
d89e633 [RFC-0010] Validate artifact repository for all auth providers
1985bd8 Merge pull request #918 from fluxcd/gogit-agnostic
5b6454a Package git/gogit should be agnostic of providers
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

v5: plumbing: transport/ssh, Shell-quote path by @hiddeco in go-git/go-git#2068

v5: git: submodule, Fix relative URL resolution by @hiddeco in go-git/go-git#2070

v5: git: submodule, canonical remote for relative URLs by @hiddeco in go-git/go-git#2074

v5: git: submodule, error on remote without URLs by @hiddeco in go-git/go-git#2078

v5: plumbing: format/idxfile, Validate offset64 indices by @hiddeco in go-git/go-git#2084

v5: *: Reject malformed variable-length integers by @hiddeco in go-git/go-git#2092

v5: plumbing: format/packfile, Tighten delta validation by @hiddeco in go-git/go-git#2091

v5: Add worktreeFilesystem wrapper for worktree and hardening by @hiddeco in go-git/go-git#2100

v5: config: validate submodule names by @hiddeco in go-git/go-git#2082

build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#2111

v5: git: Allow MkdirAll on worktree-root paths by @hiddeco in go-git/go-git#2117

v5: git: Stop validating symlink target paths by @pjbgf in go-git/go-git#2116

v5: plumbing: format decoder input bounds and contracts by @hiddeco in go-git/go-git#2125

plumbing: format/packfile, cap delta chain depth in parser by @pjbgf in go-git/go-git#2137

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

Commits

3c3be60 Merge pull request #2137 from go-git/validate-v5
3fba897 plumbing: format/packfile, cap delta chain depth in parser
a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
aeaa125 plumbing: format/objfile, require Header before Read
1f38e17 plumbing: format/packfile, bound inflate size
f7545a0 plumbing: format/idxfile, bound nr by file size
170b881 Merge pull request #2116 from pjbgf/symlink-v5
7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
f0709b3 git: Stop validating symlink target paths
776d00f git: Allow MkdirAll on worktree-root paths
Additional commits viewable in compare view

Updates github.com/mark3labs/mcp-go from 0.53.0 to 0.54.1

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.54.1

No release notes provided.

Release v0.54.0

What's Changed

fix(server): handle resources/subscribe and resources/unsubscribe (#865) by @ezynda3 in mark3labs/mcp-go#873

fix(oauth): use LATEST_PROTOCOL_VERSION in metadata discovery (#868) by @ezynda3 in mark3labs/mcp-go#874

fix(oauth): don't hold metadataMu across HTTP discovery (#871) by @ezynda3 in mark3labs/mcp-go#875

feat(mcp): add 2025-11-25 sampling-with-tools and capability sub-fields (#867) by @ezynda3 in mark3labs/mcp-go#876

refactor: use MCP method constants by @nanookclaw in mark3labs/mcp-go#878

docs: add missing godoc comments by @aqilaziz in mark3labs/mcp-go#877

fix: add panic recovery to SSE message handler and stdio tool call worker by @blackwell-systems in mark3labs/mcp-go#882

fix: add panic recovery to task goroutines, fix cleanup goroutine leak by @blackwell-systems in mark3labs/mcp-go#880

feat: add OpenTelemetry tracing hooks to server and client by @QuentinBisson in mark3labs/mcp-go#856

fix: add panic recovery to session hook goroutines by @blackwell-systems in mark3labs/mcp-go#883

feat(mcp): add BaseMetadata.title, Icon.theme, Resource.size (#870) by @ezynda3 in mark3labs/mcp-go#885

New Contributors

@nanookclaw made their first contribution in mark3labs/mcp-go#878

@aqilaziz made their first contribution in mark3labs/mcp-go#877

Full Changelog: mark3labs/mcp-go@v0.53.0...v0.54.0

Commits

481f056 fix(tools): print errors to stderr for invalid jsonschema tags (#894)
6e7859c perf(mcp): reduce content unmarshal allocations (#890)
018f190 Add Title and Size to ResourceLink (match Resource / spec) (#887)
ca26738 cleanup
76ea91b refactor(server): collapse client-info and writeJSONRPCError duplication (#886)
fac90b6 fmt
b817eff feat(mcp): add BaseMetadata.title, Icon.theme, Resource.size (#870) (#885)
602478c fix: add panic recovery to session hook goroutines (#883)
14ddeb3 feat: add OpenTelemetry tracing hooks to server and client (#856)
3f8fc8e fix: add panic recovery to task goroutines, fix cleanup goroutine leak (#880)
Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.67.5 to 0.68.1

Release notes

Sourced from github.com/prometheus/common's releases.

v0.68.1

What's Changed

build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 by @dependabot[bot] in prometheus/common#903

build(deps): bump golang.org/x/net from 0.53.0 to 0.55.0 by @dependabot[bot] in prometheus/common#914

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#915

Full Changelog: prometheus/common@v0.68.0...v0.68.1

v0.68.0

What's Changed

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#873

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#874

build(deps): bump github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1 by @dependabot[bot] in prometheus/common#879

build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by @dependabot[bot] in prometheus/common#878

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#875

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#880

Remove logic adding unit to metrics name by @vesari in prometheus/common#877

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#881

Update for Go 1.26 by @SuperQ in prometheus/common#883

build(deps): bump golang.org/x/net from 0.49.0 to 0.51.0 by @dependabot[bot] in prometheus/common#882

version: Add a slog helper by @SuperQ in prometheus/common#886

Remove Arthur from maintainers list by @ArthurSens in prometheus/common#885

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#895

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#896

config: change NewOAuth2RoundTripper to accept variadic HTTPClientOption by @alliasgher in prometheus/common#898

config: guard against nil oauth2 credential in RoundTrip by @alliasgher in prometheus/common#897

build(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 by @dependabot[bot] in prometheus/common#890

build(deps): bump go.yaml.in/yaml/v2 from 2.4.3 to 2.4.4 by @dependabot[bot] in prometheus/common#891

build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.36.0 by @dependabot[bot] in prometheus/common#892

Move interface assertions to a test file by @msiegen in prometheus/common#839

fix(http_config): fix client cert rotation when no CA is configured by @machine424 in prometheus/common#908

Remove CircleCI by @ArthurSens in prometheus/common#910

Fix: apply DialContextFunc to OAuth2 token-fetch transport by @yuri-tceretian in prometheus/common#911

New Contributors

@alliasgher made their first contribution in prometheus/common#898

@msiegen made their first contribution in prometheus/common#839

@machine424 made their first contribution in prometheus/common#908

@yuri-tceretian made their first contribution in prometheus/common#911

Full Changelog: prometheus/common@v0.67.5...v0.68.0

Commits

2120573 Update common Prometheus files (#915)
228386a build(deps): bump golang.org/x/net from 0.53.0 to 0.55.0 (#914)
b8c88b4 build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 (#903)
1e0ae83 config: apply DialContextFunc to OAuth2 token-fetch transport (#911)
b51d01b Remove CircleCI (#910)
0f3c348 Merge pull request #908 from machine424/ttlsco
732a9cf fix(http_config): fix client cert rotation when no CA is configured
ce9215c Move interface assertions to a test file (#839)
1ba5ed7 build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.36.0 (#892)
8f8ada6 build(deps): bump go.yaml.in/yaml/v2 from 2.4.3 to 2.4.4 (#891)
Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.19.0 to 9.20.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.20.0

🚀 Highlights

Redis 8.8 Support

This release adds support for Redis 8.8. The README's supported-versions list now includes Redis 8.8 alongside 8.0/8.2/8.4, and CI exercises the 8.8 client-libs-test image across the full suite (Makefile, build workflow, doctests, run-tests action, and docker-compose).

Coverage for the new commands that ship in the 8.x line, rounded out in this release:

AR* array data type (#3813) — new array data structure, exposed via the ArrayCmdable interface (see the experimental-features highlight below).

INCREX (#3816) — atomic increment with expiration in a single round-trip.

XNACK (#3790) — explicit negative-acknowledge of pending stream entries.

XAUTOCLAIM PEL deletes (#3798) — XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the pending entries list.

TS.RANGE multiple aggregators (#3791) — TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE accept multiple aggregators in a single call.

Z(UNION|INTER|DIFF) COUNT aggregator (#3802) — COUNT reducer for sorted-set set operations.

JSON.SET FPHA (#3797) — new FPHA argument that specifies the floating-point type for homogeneous FP arrays.

CI image bump (#3814) by @ofekshenawa. Command coverage contributions by @cxljs, @elena-kolevska, @Khukharr, @ndyakov, and @ofekshenawa.

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

FT.SEARCH, FT.AGGREGATE, FT.INFO, FT.SPELLCHECK, and FT.SYNDUMP now parse RESP3 (map) responses into the same typed result objects as RESP2 — Val() and Result() work uniformly on both protocols, no flag required. Previously, RESP3 search responses required UnstableResp3: true and were returned as opaque maps accessible only via RawResult() / RawVal().

As a result, the UnstableResp3 option is now a no-op across every options struct (Options, ClusterOptions, UniversalOptions, FailoverOptions, RingOptions) and has been marked // Deprecated:. The field is retained for backwards compatibility — existing code that sets UnstableResp3: true will continue to compile and behave identically — but it will be removed in a future release and new code should not set it. RawResult() / RawVal() continue to work for callers that prefer the raw RESP payload.

(#3741) by @ndyakov

Experimental Array Data Structure Commands

Adds an experimental ArrayCmdable interface with the AR* command family (ARSet, ARGet, ARGetRange, ARMSet, ARMGet, ARDel, ARDelRange, ARScan, ARSeek, ARNext, ARLastItems, ARGrep, ARGrepWithValues, ARInfo/ARInfoFull, and typed reducers AROpSum/AROpMin/AROpMax/AROpAnd/AROpOr/AROpXor/AROpMatch/AROpUsed) for working with Redis 8.8's new array data type. API is experimental and may change in a future release.

(#3813) by @cxljs

✨ New Features

RESP3 search parser: First-class RESP3 parsing for FT.SEARCH/FT.AGGREGATE/FT.INFO/FT.SPELLCHECK/FT.SYNDUMP responses with backwards compatibility for RESP2 (#3741) by @ndyakov

INCREX: New INCREX command support — atomic increment with expiration (#3816) by @ndyakov

XNACK: Client support for the XNACK stream command for explicitly negative-acknowledging pending entries (#3790) by @elena-kolevska

TS range multiple aggregators: TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE now accept multiple aggregators in a single call (#3791) by @elena-kolevska

XAutoClaim deleted IDs: XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the PEL (#3798) by @Khukharr

JSON.SET FPHA: JSON.SET accepts a new FPHA argument that specifies the floating-point type for homogeneous floating-point arrays (#3797) by @ndyakov

Sorted-set union/intersection COUNT: ZUNION/ZINTER/ZDIFF aggregator now supports COUNT (#3802) by @ofekshenawa

FT.HYBRID vector validation: Validates hybrid-search vector input types and adds proper typed vector parameters (#3756) by @DengY11

Cluster pool wait stats: ClusterClient.PoolStats() now accumulates WaitCountDescription has been truncated

…9 updates Bumps the go-dependencies group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` | | [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` | | [github.com/ory/client-go](https://github.com/ory/client-go) | `1.22.39` | `1.22.48` | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.7` | `1.42.0` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.24` | | [github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs](https://github.com/aws/aws-sdk-go-v2) | `1.73.0` | `1.75.2` | | [github.com/flanksource/clicky](https://github.com/flanksource/clicky) | `1.21.9` | `1.21.15` | | [github.com/fluxcd/pkg/gittestserver](https://github.com/fluxcd/pkg) | `0.28.0` | `0.29.0` | | [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) | `0.53.0` | `0.54.1` | | [github.com/prometheus/common](https://github.com/prometheus/common) | `0.67.5` | `0.68.1` | | [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.19.0` | `9.20.0` | | [github.com/samber/oops](https://github.com/samber/oops) | `1.21.0` | `1.22.0` | | [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.23.1` | `0.25.0` | | [go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.20.0` | `0.21.0` | | [google.golang.org/genai](https://github.com/googleapis/go-genai) | `1.56.0` | `1.59.0` | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.21.1` | `1.22.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.37.0` | `0.38.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.279.0` | `0.283.0` | Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.2...v5.10.0) Updates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.28.3...v2.29.0) Updates `github.com/onsi/gomega` from 1.40.0 to 1.41.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.40.0...v1.41.0) Updates `github.com/ory/client-go` from 1.22.39 to 1.22.48 - [Commits](ory/client-go@v1.22.39...v1.22.48) Updates `github.com/aws/aws-sdk-go-v2` from 1.41.7 to 1.42.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.7...v1.42.0) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.24 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.32.17...config/v1.32.24) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.23 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.19.16...credentials/v1.19.23) Updates `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs` from 1.73.0 to 1.75.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.73.0...service/s3/v1.75.2) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.42.1 to 1.43.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.42.1...service/amp/v1.43.3) Updates `github.com/flanksource/clicky` from 1.21.9 to 1.21.15 - [Release notes](https://github.com/flanksource/clicky/releases) - [Changelog](https://github.com/flanksource/clicky/blob/main/CHANGELOG.md) - [Commits](flanksource/clicky@v1.21.9...v1.21.15) Updates `github.com/fluxcd/pkg/gittestserver` from 0.28.0 to 0.29.0 - [Commits](fluxcd/pkg@git/v0.28.0...git/v0.29.0) Updates `github.com/go-git/go-git/v5` from 5.19.0 to 5.19.1 - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](go-git/go-git@v5.19.0...v5.19.1) Updates `github.com/mark3labs/mcp-go` from 0.53.0 to 0.54.1 - [Release notes](https://github.com/mark3labs/mcp-go/releases) - [Commits](mark3labs/mcp-go@v0.53.0...v0.54.1) Updates `github.com/prometheus/common` from 0.67.5 to 0.68.1 - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md) - [Commits](prometheus/common@v0.67.5...v0.68.1) Updates `github.com/redis/go-redis/v9` from 9.19.0 to 9.20.0 - [Release notes](https://github.com/redis/go-redis/releases) - [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md) - [Commits](redis/go-redis@v9.19.0...v9.20.0) Updates `github.com/samber/oops` from 1.21.0 to 1.22.0 - [Release notes](https://github.com/samber/oops/releases) - [Commits](samber/oops@v1.21.0...v1.22.0) Updates `github.com/slack-go/slack` from 0.23.1 to 0.25.0 - [Release notes](https://github.com/slack-go/slack/releases) - [Changelog](https://github.com/slack-go/slack/blob/master/CHANGELOG.md) - [Commits](slack-go/slack@v0.23.1...v0.25.0) Updates `go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho` from 0.68.0 to 0.69.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.68.0...zpages/v0.69.0) Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/trace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `golang.org/x/sync` from 0.20.0 to 0.21.0 - [Commits](golang/sync@v0.20.0...v0.21.0) Updates `google.golang.org/genai` from 1.56.0 to 1.59.0 - [Release notes](https://github.com/googleapis/go-genai/releases) - [Changelog](https://github.com/googleapis/go-genai/blob/main/CHANGELOG.md) - [Commits](googleapis/go-genai@v1.56.0...v1.59.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.21.1 to 1.22.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.21.1...sdk/azcore/v1.22.0) Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0 - [Commits](golang/crypto@v0.51.0...v0.52.0) Updates `golang.org/x/text` from 0.37.0 to 0.38.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.37.0...v0.38.0) Updates `google.golang.org/api` from 0.279.0 to 0.283.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.279.0...v0.283.0) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/onsi/ginkgo/v2 dependency-version: 2.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/onsi/gomega dependency-version: 1.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/ory/client-go dependency-version: 1.22.48 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs dependency-version: 1.75.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-version: 1.43.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/flanksource/clicky dependency-version: 1.21.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/fluxcd/pkg/gittestserver dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/mark3labs/mcp-go dependency-version: 0.54.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/prometheus/common dependency-version: 0.68.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/redis/go-redis/v9 dependency-version: 9.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/samber/oops dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/slack-go/slack dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho dependency-version: 0.69.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sync dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: google.golang.org/genai dependency-version: 1.59.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: google.golang.org/api dependency-version: 0.283.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-06-09T05:53:27Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability
golang/github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.1 ⏵ v1.22.0	⁺¹
golang/github.com/aws/aws-sdk-go-v2@v1.41.7 ⏵ v1.42.0	⁺¹
golang/github.com/onsi/gomega@v1.41.0
golang/google.golang.org/genai@v1.56.0 ⏵ v1.59.0	⁺¹
golang/github.com/slack-go/slack@v0.23.1 ⏵ v0.25.0	⁺¹
golang/github.com/mark3labs/mcp-go@v0.53.0 ⏵ v0.54.1	⁺¹
golang/github.com/jackc/pgx/v5@v5.9.2 ⏵ v5.10.0	⁺¹
golang/github.com/flanksource/clicky@v1.21.9 ⏵ v1.21.15	⁺¹
golang/golang.org/x/crypto@v0.51.0 ⏵ v0.52.0	⁺¹
golang/github.com/redis/go-redis/v9@v9.19.0 ⏵ v9.20.0	⁺¹
golang/go.opentelemetry.io/otel@v1.43.0 ⏵ v1.44.0	⁺¹	⁺²
golang/golang.org/x/text@v0.38.0
golang/google.golang.org/api@v0.279.0 ⏵ v0.283.0	⁺¹
golang/github.com/prometheus/common@v0.67.5 ⏵ v0.68.1	⁺¹
golang/github.com/go-git/go-git/v5@v5.19.0 ⏵ v5.19.1	⁺¹	⁺⁴
golang/github.com/onsi/ginkgo/v2@v2.29.0
golang/github.com/ory/client-go@v1.22.39 ⏵ v1.22.48	^-1
golang/github.com/aws/aws-sdk-go-v2/config@v1.32.17 ⏵ v1.32.24
golang/go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho@v0.68.0 ⏵ v0.69.0
golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.16 ⏵ v1.19.23
golang/go.opentelemetry.io/otel/sdk@v1.43.0 ⏵ v1.44.0	⁺¹
golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.42.1 ⏵ v1.43.3	⁺¹
golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.43.0 ⏵ v1.44.0	⁺¹
golang/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs@v1.73.0 ⏵ v1.75.2	⁺¹
golang/github.com/samber/oops@v1.21.0 ⏵ v1.22.0	⁺¹
golang/golang.org/x/sync@v0.21.0
golang/github.com/fluxcd/pkg/gittestserver@v0.28.0 ⏵ v0.29.0
golang/go.opentelemetry.io/otel/trace@v1.43.0 ⏵ v1.44.0	⁺¹
golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.43.0 ⏵ v1.44.0

View full report

socket-security · 2026-06-09T05:53:29Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: golang `golang.org/x/tools` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/charmbracelet/huh@v1.0.0` → `golang/sigs.k8s.io/controller-runtime@v0.24.1` → `golang/github.com/google/cel-go@v0.28.1` → `golang/k8s.io/apimachinery@v0.36.1` → `golang/k8s.io/client-go@v0.36.1` → `golang/google.golang.org/grpc@v1.81.1` → `golang/github.com/onsi/ginkgo/v2@v2.29.0` → `golang/github.com/go-git/go-git/v5@v5.19.1` → `golang/github.com/flanksource/gomplate/v3@v3.24.82` → `golang/github.com/flanksource/commons@v1.53.1` → `golang/github.com/flanksource/duty@v1.0.1326` → `golang/github.com/flanksource/clicky@v1.21.15` → `golang/golang.org/x/text@v0.38.0` → `golang/github.com/henvic/httpretty@v0.1.4` → `golang/github.com/tmc/langchaingo@v0.1.14` → `golang/golang.org/x/tools@v0.45.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/tools@v0.45.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: golang `modernc.org/libc` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/flanksource/duty@v1.0.1326` → `golang/github.com/flanksource/clicky@v1.21.15` → `golang/modernc.org/libc@v1.72.3` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/modernc.org/libc@v1.72.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: golang `modernc.org/libc` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/flanksource/duty@v1.0.1326` → `golang/github.com/flanksource/clicky@v1.21.15` → `golang/modernc.org/libc@v1.72.3` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/modernc.org/libc@v1.72.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 9, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go-dependencies group across 1 directory with 29 updates#3204

chore(deps): bump the go-dependencies group across 1 directory with 29 updates#3204
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-fa8d78f50c

dependabot Bot commented on behalf of github Jun 9, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 9, 2026

5.10.0 (June 3, 2026)

Features

Security Hardening

Fixes

v2.29.0

2.29.0

2.29.0

1.41.0

Features

Fixes

v1.21.15

1.21.15 (2026-06-07)

⚠ BREAKING CHANGES

✨ Features

🐛 Bug Fixes

📦 Build System

v1.21.14

1.21.14 (2026-06-03)

⚠ BREAKING CHANGES

♻️ Code Refactoring

✨ Features

🐛 Bug Fixes

1.21.15 (2026-06-07)

⚠ BREAKING CHANGES

✨ Features

🐛 Bug Fixes

📦 Build System

1.21.14 (2026-06-03)

⚠ BREAKING CHANGES

♻️ Code Refactoring

✨ Features

🐛 Bug Fixes

v5.19.1

What's Changed

Release v0.54.1

Release v0.54.0

What's Changed

New Contributors

v0.68.1

What's Changed

v0.68.0

What's Changed

New Contributors

9.20.0

🚀 Highlights

Redis 8.8 Support

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

Experimental Array Data Structure Commands

✨ New Features

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Stable RESP3 for RediSearch (`UnstableResp3` deprecated)